Sign In

CVE-2021-23240

ADVISORY - nist

Summary

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.

EPSS Score: 0.00172 (0.391)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-59

Improper Link Resolution Before File Access ('Link Following')

ADVISORY - redhat

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CWE-59

Improper Link Resolution Before File Access ('Link Following')

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in